Files
openwrt/package/libs
Hauke Mehrtens 0d5fa22487 openssl: update to 3.5.7
This release incorporates the following bug fixes and mitigations:

 * Fixed heap use-after-free in PKCS7_verify(). (CVE-2026-45447)
 * Fixed CMS AuthEnvelopedData processing may accept forged messages. (CVE-2026-34182)
 * Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler. (CVE-2026-34183)
 * Fixed NULL pointer dereference in QUIC server initial packet handling. (CVE-2026-42764)
 * Fixed AES-OCB IV ignored on EVP_Cipher() path. (CVE-2026-45445)
 * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. (CVE-2026-7383)
 * Fixed out-of-bounds read in CMS password-based decryption. (CVE-2026-9076)
 * Fixed heap buffer over-read in ASN.1 content parsing. (CVE-2026-34180)
 * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. (CVE-2026-34181)
 * Fixed possible NULL dereference in password-dased CMS decryption. (CVE-2026-42766)
 * Fixed NULL pointer dereference in CRMF EncryptedValue decryption. (CVE-2026-42767)
 * Fixed multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt(). (CVE-2026-42768)
 * Fixed trust anchor substitution via cert/issuer typo in CMP rootCaKeyUpdate. (CVE-2026-42769)
 * Fixed FFC-DH peer validation uses attacker-supplied q. (CVE-2026-42770)
 * Fixed incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV modes. (CVE-2026-45446)

Link: https://github.com/openwrt/openwrt/pull/23852
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-06-18 12:21:05 +02:00
..
2026-06-04 09:59:32 +02:00
2026-05-08 10:22:40 +02:00
2026-06-10 21:30:40 +02:00
2026-04-27 10:50:53 +02:00
2026-04-27 10:50:53 +02:00
2026-04-27 10:50:53 +02:00
2026-06-04 09:49:44 +02:00
2026-06-18 12:21:05 +02:00